Awesome
Windows_STIG_Ansible
Ansible Playbooks for SimeonOnSecurity's STIG Scripts
Notes:
- Offline support is only supported when downloading direct from this github.
- Ansible galaxy collection does not include the offline copies of the dependencies
Requirements:
- Requires you have secure WinRM over HTTPS already configured on your Windows Systems
- STIGs mandate you have WinRM over HTTPs if you use WinRM. This in mind, this collection enforces changes that enforce WinRM over HTTPs. If you're using plaintext WinRM this collection will break your communication with your windows hosts.
- Read the following for more information:
- Must be using a domain account for your ansible user
- UAC is enforced with implementing STIGs and with this Collection
- With UAC enabled, winrm disallows all local accounts even with specific exceptions
Usage:
Installation:
ansible-galaxy collection install simeononsecurity.windows_stigs
Based on:
- simeononsecurity/STIG-Compliant-Domain-Prep
- simeononsecurity/Standalone-Windows-STIG-Script
- simeononsecurity/Standalone-Windows-Server-STIG-Script
- simeononsecurity/Windows-Defender-STIG-Script
- simeononsecurity/.NET-STIG-Script
- simeononsecurity/FireFox-STIG-Script
- simeononsecurity/Oracle-JRE-8-STIG-Script
- simeononsecurity/Adobe-Reader-DC-STIG-Script